HP-UX Reference (11i v2 07/12) - 5 Miscellaneous (vol 9)

acl(5) acl(5)
wildcard user and group IDs
A user or group name of * (wildcard) matches the user or group ID in any entry, including
% (no specific user or group).
mode bits on, off, or ignored
For operator-form input, the operators =, +, and - are applied as follows:
=  entry mode value matches this mode value exactly
+  these bits turned on in entry mode value
-  these bits turned off in entry mode value
When only + and - operators are used, commands ignore the values of unspecified mode bits.
Short-form patterns treat the mode identically to the = operator in operator form.
wildcard mode values
A mode of * (wildcard) in operator or short form input (for example, "ajs.%=*" or
"(ajs.%,*)") matches any mode value, provided no other mode value is given in an
operator-form entry. Also, the mode part of an entry can be omitted altogether for the same effect.
entries not combined
Entries with matching user and group ID values are not combined. Each entry specified is
applied separately by commands that accept patterns.
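The matching rules above (wildcard IDs, the =, + and - operators, a wildcard mode, and patterns applied separately) can be modelled with an "on" mask and an "off" mask per pattern. The following is an added example, not HP-UX source or library code; the type names, constants, function names and the sample ACL are all assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical types and constants for this example, not the HP-UX headers. */
enum { NO_ID = -1, ANY_ID = -2 };   /* "%" (no specific ID) and "*" (wildcard) */
enum { X = 1, W = 2, R = 4 };

struct entry   { int uid, gid; unsigned mode; };     /* one ACL entry */
struct pattern { int uid, gid; unsigned on, off; };  /* one ACL pattern */

/* "=mode": every bit is specified, so bits absent from mode must be off. */
struct pattern pat_exact(int uid, int gid, unsigned mode) {
    struct pattern p = { uid, gid, mode & 7u, ~mode & 7u };
    return p;
}

/* "+on-off": only the named bits are tested, the rest are ignored.
 * A wildcard or omitted mode is pat_bits(uid, gid, 0, 0). */
struct pattern pat_bits(int uid, int gid, unsigned on, unsigned off) {
    struct pattern p = { uid, gid, on & 7u, off & 7u };
    return p;
}

static int id_matches(int pat_id, int entry_id) {
    return pat_id == ANY_ID || pat_id == entry_id;  /* "*" also matches "%" */
}

/* Returns 1 if entry e matches pattern p, else 0. */
int entry_matches(const struct pattern *p, const struct entry *e) {
    return id_matches(p->uid, e->uid) && id_matches(p->gid, e->gid)
        && (e->mode & p->on) == p->on    /* "+" bits are all on  */
        && (e->mode & p->off) == 0;      /* "-" bits are all off */
}

/* Patterns are not combined: an entry counts once if any single pattern matches. */
int count_matches(const struct pattern *pats, int np, const struct entry *acl, int ne) {
    int hits = 0;
    for (int i = 0; i < ne; i++)
        for (int j = 0; j < np; j++)
            if (entry_matches(&pats[j], &acl[i])) { hits++; break; }
    return hits;
}

int main(void) {
    /* Constructed ACL: uid 101 stands in for "ajs", gid 20 for a group. */
    struct entry acl[] = { {101, NO_ID, R|W}, {NO_ID, 20, R}, {NO_ID, NO_ID, W} };
    struct pattern audit = pat_bits(ANY_ID, ANY_ID, W, 0);  /* any user, any group, +w */
    printf("entries granting write: %d\n", count_matches(&audit, 1, acl, 3));
    return 0;
}
```

A pattern with wildcard user and group and only +w finds every entry that grants write regardless of its other bits, which is the form to use when reviewing an ACL for unexpected write access; the = form would miss entries that grant write together with other bits.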
ACL Operations Supported
The system calls setacl(2) and getacl(2) allow setting or getting the entire ACL for a file in the form of an
array of acl_entry structures. To check access rights to a file, see access(2) and getaccess(2).
Various library calls are provided to manage ACLs:
acltostr(3C)      Convert acl_entry arrays to printable strings.
strtoacl(3C)      Parse and convert ACL strings to acl_entry arrays.
strtoaclpatt(3C)  Parse and convert ACL pattern strings to acl_entry_patt arrays.
setaclentry(3C), fsetaclentry
                  Add, modify, or delete a single ACL entry in one file's ACL.
cpacl(3C), fcpacl
                  Copy an ACL and file miscellaneous mode bits (see chmod(2)) from one file to another,
                  transfer ownership if needed (see below), and handle remote files correctly.
chownacl(3C)      Change the file owner and/or group represented in an ACL, that is, transfer ownership
                  (see below).
The following commands are available to manage ACLs and permissions:
chacl(1) Add, modify, or delete individual entries or all optional entries in ACLs on one or more
files, remove all access to files, or incorporate ACLs into permission bits.
lsacl(1) List ACLs on files.
chmod(1) Change permission bits and other file miscellaneous mode bits.
ls(1) In long form, list permission bits and other file attributes.
find(1) Find files according to their attributes, including ACLs.
getaccess(1) List access rights to file(s).
ACL Interaction with stat(2), chmod(2), and chown(2)
stat The st_mode field summarizes the caller’s access rights to the file. It differs from file permission
bits only if the file has one or more optional entries applicable to the caller. The st_basemode field
provides the file’s actual permission bits. The st_acl field indicates the presence of optional ACL
entries in the file’s ACL.
The st_mode field contains a user-dependent summary, so that programs ignorant of ACLs that use
stat(2) and chmod(2) are more likely to produce expected results, and so that stat(2) provides
reasonable information about remote files over NFS. The st_basemode and st_acl fields are useful
only for local files.
28 Hewlett-Packard Company 5 HP-UX 11i Version 2: December 2007 Update